Monday, December 27, 2010

I have this application that I use and it is awesome. DropBox. DropBox is a cloud based (Internet) application that allows me and my team to share documents and access them virtually from anywhere. I can review and edit these documents on my desktop, my laptop, my iPad, and review them on my Android phone. Talk about convenience.

What is so cool about the application is that it also provides automatic online backup of the documents and keeps a revision history so you can “go back” to a previous version of a document. It even keeps deleted documents, just in case you didn’t really mean to delete that oh so important Word document.

So why write about this on a digital forensics blog? Applications like Dropbox are the future of distributed file sharing. There are quite a few applications that serve the same or similar purpose such as Google Docs, Windows Live Skydrive and Apple’s Mobile Me.

What’s interesting about these applications is the potential to hold discoverable electronic evidence.

The basic approach to ESI (Electronically Stored Information) cases is to follow the who, what, where and how of potential evidence.

Who are you trying to find out information about, or who owned, modified, deleted or created a document or email.

What are you looking for? This part is pretty well defined; Email, Documents, Spreadsheets and so forth.

Where might this evidence be stored? This is what is getting more complicated with more storage options gaining ground in the marketplace.

How do you get the evidence? In the old days, that was the simplest of questions; either from the computer hard drive or a floppy disk. You would get access to the computer in question and do the evidence collection.

These days, the interrogatories for building a discovery motion needs to include the possibility of cloud storage applications like these.

Companies should also bear in mind that since these applications sync file to multiple devices, and an employee now has a copy of the files and can access them from their home computer as well as their office computer or company laptop.

When you look at obtaining electronic discovery, one of the approaches now must be: Does the custodian of interest have access to or participate in on-line shared storage options beyond SharePoint server or a company file share. If the company is using an on-line backup service in the cloud, will documents be available there that are not on the local computers and servers?

The beauty of applications like Dropbox is the audit trail that is automatically created when documents are modified or deleted from Dropbox.

Dropbox also keeps a log of all events that occur:

While there is a limit to how far back you can restore a file, the history of events goes back for months.

I encourage you to think outside the box, no pun intended, when considering what you want to ask for in electronic discovery and how you might gain access to it.

1 comment:

I am a PhD student in Cyber Forensics. I also use Dropbox. I must say, I LOVE Dropbox!! Extremely helpful, especially with all of my research at school. However, I honestly never thought of how programs such as this could pose an issue in regards to forensics. I wonder how many people in law enforcement don't even think about these various types of applications. I feel like they are just now starting to consider Social Networking Sites, in regards to investigation, however, I have never heard of them utilizing these various applications in their applications. Great blog!

About EX FORENSIS

This is where I share my thoughts on the digital forensics field, talk about recent court rulings that impact digital forensics and anything else that comes to mind; mostly serious, sometimes not so much.

All writings on this blog are the original works of the author, Larry E. Daniel, unless otherwise stated, and are subject to the copyright laws of the United States.

Disclaimer

I am not an attorney. Nothing I post in this blog is intended to be, nor should be considered as legal advice. If you have a legal question you should seek the services of a licensed attorney in your area. Guest authors or others who are invited to post here are covered by the same disclaimer. Nothing on this blog is legal advice.